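Using TLS and HTTPS to communicate with etcd in a Golang game project (鳥棲草堂)

Posted by 水497 on 2019-9-19 17:02:01
Author: Golang语言社区

In a game architecture where players worldwide share the same servers, the network is usually designed as a cluster. A user can play on any server node, so every node must have a consistent environment, nodes must be free to go offline and come online, users must be able to register on any node, and so on. These requirements call for software that can actively discover nodes coming online and going offline, collect the load and status of every server globally, and push configuration and other information to all nodes in real time. That is where etcd comes in.

As highly available software for distributed configuration synchronization, etcd usually serves only the internal network, though it is occasionally exposed to the public network. Whether on the internal or the public network, an authentication step is required. By default etcd offers username and password authentication, which requires setting permissions for each key. etcd also officially supports TLS authentication and transmitting data over HTTPS, so that data is protected even when it only travels over the internal network.

Download address for the etcd server: https://github.com/coreos/etcd/releases/download/v3.2.7/etcd-v3.2.7-linux-amd64.tar.gz
After unpacking it, you can see its version information: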

[email protected]:/data/etcd/etcd-v3.2.7-linux-amd64# ./etcd --version
etcd Version: 3.2.7
Git SHA: bb66589
Go Version: go1.8.3
Go OS/Arch: linux/amd64

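If access needs neither certificates nor authentication, etcd can be used as it is.

For a service that must guarantee encrypted transport and enforce authorization, certificates are still needed. To generate the certificates, use the cfssl tool: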

mkdir ~/bin
curl -s -L -o ~/bin/cfssl https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
curl -s -L -o ~/bin/cfssljson https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
chmod +x ~/bin/{cfssl,cfssljson}
export PATH=$PATH:~/bin

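To keep the etcd that manages the game cluster highly available, several etcd servers usually run at the same time and form an etcd cluster. etcd uses the Raft algorithm for leader election, log replication and so on. Communication between etcd nodes also requires certificate authentication. To make later changes to the etcd nodes easier, the service is usually provided under domain names, so a few etcd domain names have to be resolved. Here I use etcd1.cnxct.com and etcd2.cnxct.com, both resolved to the corresponding servers. In my example they resolve to the local machine.

Create a temporary directory to hold the certificates (to keep them easy to tell apart):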

mkdir ~/cfssl
cd ~/cfssl

# Self-signed CA: writes ca.pem, ca-key.pem and ca.csr
echo '{"CN":"CA","key":{"algo":"rsa","size":2048}}' | cfssl gencert -initca - | cfssljson -bare ca -

# Signing policy: 43800h (5 years) validity, usable for both server and client authentication
echo '{"signing":{"default":{"expiry":"43800h","usages":["signing","key encipherment","server auth","client auth"]}}}' > ca-config.json

# Server certificate, valid for the etcd host names and 127.0.0.1
export ADDRESS=etcd1.cnxct.com,etcd2.cnxct.com,127.0.0.1
export NAME=server
echo '{"CN":"'$NAME'","hosts":[""],"key":{"algo":"rsa","size":2048}}' | cfssl gencert -config=ca-config.json -ca=ca.pem -ca-key=ca-key.pem -hostname="$ADDRESS" - | cfssljson -bare $NAME

# Client certificate, with no host names
export ADDRESS=
export NAME=client
echo '{"CN":"'$NAME'","hosts":[""],"key":{"algo":"rsa","size":2048}}' | cfssl gencert -config=ca-config.json -ca=ca.pem -ca-key=ca-key.pem -hostname="$ADDRESS" - | cfssljson -bare $NAME

List the generated files:

[email protected]:~/cfssl# ll
total 48
drwxr-xr-x 2 root root 4096 Sep 15 15:13 ./
drwx------ 7 root root 4096 Sep 15 15:13 ../
-rw-r--r-- 1 root root 112 Sep 15 15:13 ca-config.json
-rw-r--r-- 1 root root 883 Sep 15 15:13 ca.csr
-rw------- 1 root root 1679 Sep 15 15:13 ca-key.pem
-rw-r--r-- 1 root root 1119 Sep 15 15:13 ca.pem
-rw-r--r-- 1 root root 928 Sep 15 15:13 client.csr
-rw------- 1 root root 1679 Sep 15 15:13 client-key.pem
-rw-r--r-- 1 root root 1180 Sep 15 15:13 client.pem
-rw-r--r-- 1 root root 928 Sep 15 15:13 server.csr
-rw------- 1 root root 1675 Sep 15 15:13 server-key.pem
-rw-r--r-- 1 root root 1233 Sep 15 15:13 server.pem

In this list, client.pem is the client certificate (public key) and client-key.pem is its private key; ca.pem is the CA certificate (public key), and there are also several CSR (certificate signing request) files. ca-key.pem is the private key of the self-made CA. It must be kept safe and must not leak.

With the certificates generated, check that they are valid:

[email protected]:~/cfssl# openssl x509 -in ca.pem -text -noout
[email protected]:~/cfssl# openssl x509 -in server.pem -text -noout
[email protected]:~/cfssl# openssl x509 -in client.pem -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:f1:be:ac:e7:29:29:27...10:34:eb:c8:53:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=CA
        Validity
            Not Before: Sep 15 07:08:00 2017 GMT
            Not After : Sep 14 07:08:00 2022 GMT
        Subject: CN=client
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:a1:73:ce:3d:32......5d:6b:87:
                    2c:57:01:3c:0e:............
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                EF:75:5B:0E:4A:23:E6:9D:BF:3B:8.........7:48:69:5A:3E
            X509v3 Authority Key Identifier:
                keyid:18:A7:0C:9E:6A:91:.........:31:04:32:0B:A0:46
            X509v3 Subject Alternative Name:
                DNS:
    Signature Algorithm: sha256WithRSAEncryption
         81:2b:da:63:19:64:e0:ff:30:66:2f:a4:2f:95:52:da:47:54:
         7a:88:63.........

As shown above, the certificate looks valid on inspection. Copy the certificates to the etcd configuration directory:

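[email protected]:/data/etcd/etcd-v3.2.7-linux-amd64# mkdir -p /data/etcd/ssl
[email protected]:/data/etcd/etcd-v3.2.7-linux-amd64# cp ~/cfssl/*.pem ../ssl/

Note that *.pem also matches ca-key.pem. The etcd configuration below references only ca.pem, server.pem and server-key.pem, so the CA private key does not need to be copied to the etcd host.

Now write the etcd configuration file.

The binary package I downloaded from the official site contains no sample configuration file, and almost everything I found online uses the conf-file format common on Linux in the early etcd 2 era (the kind with hash-mark comments). In etcd 3 everything has moved to YAML.

I searched Google and Baidu for a long time and could not find a YAML example at all. Later I found the YAML sample on GitHub: https://github.com/coreos/etcd/blob/master/etcd.conf.yml.sample
I strongly suggest that the etcd project ship this sample configuration in the packaged binary tarball.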

# This is the configuration file for the etcd server.

# Human-readable name for this member.
name: 'cnxct'

# Path to the data directory.
data-dir: '/data/etcd-data'

# Path to the dedicated wal directory.
wal-dir:

# Number of committed transactions to trigger a snapshot to disk.
snapshot-count: 10000

# Time (in milliseconds) of a heartbeat interval.
heartbeat-interval: 100

# Time (in milliseconds) for an election to timeout.
election-timeout: 1000

# Raise alarms when backend size exceeds the given quota. 0 means use the
# default quota.
quota-backend-bytes: 0

# List of comma separated URLs to listen on for peer traffic.
listen-peer-urls: 'https://0.0.0.0:2380'

# List of comma separated URLs to listen on for client traffic.
listen-client-urls: 'https://0.0.0.0:2379'

# Maximum number of snapshot files to retain (0 is unlimited).
max-snapshots: 5

# Maximum number of wal files to retain (0 is unlimited).
max-wals: 5

# Comma-separated white list of origins for CORS (cross-origin resource sharing).
cors:

# List of this member's peer URLs to advertise to the rest of the cluster.
# The URLs needed to be a comma-separated list.
# The scheme must match listen-peer-urls (https).
initial-advertise-peer-urls: https://etcd1.cnxct.com:2380

# List of this member's client URLs to advertise to the public.
# The URLs needed to be a comma-separated list.
advertise-client-urls: https://etcd1.cnxct.com:2379

# Discovery URL used to bootstrap the cluster.
discovery:

# Valid values include 'exit', 'proxy'
discovery-fallback: 'proxy'

# HTTP proxy to use for traffic to discovery service.
discovery-proxy:

# DNS domain used to bootstrap initial cluster.
discovery-srv:

# Initial cluster configuration for bootstrapping.
initial-cluster:

# Initial cluster token for the etcd cluster during bootstrap.
initial-cluster-token: 'cnxct-etcd-cluster'

# Initial cluster state ('new' or 'existing').
initial-cluster-state: 'new'

# Reject reconfiguration requests that would cause quorum loss.
strict-reconfig-check: false

# Accept etcd V2 client requests
enable-v2: true

# Valid values include 'on', 'readonly', 'off'
proxy: 'off'

# Time (in milliseconds) an endpoint will be held in a failed state.
proxy-failure-wait: 5000

# Time (in milliseconds) of the endpoints refresh interval.
proxy-refresh-interval: 30000

# Time (in milliseconds) for a dial to timeout.
proxy-dial-timeout: 1000

# Time (in milliseconds) for a write to timeout.
proxy-write-timeout: 5000

# Time (in milliseconds) for a read to timeout.
proxy-read-timeout: 0

client-transport-security:
  # DEPRECATED: Path to the client server TLS CA file.
  ca-file: '/data/etcd/ssl/ca.pem'

  # Path to the client server TLS cert file.
  cert-file: '/data/etcd/ssl/server.pem'

  # Path to the client server TLS key file.
  key-file: '/data/etcd/ssl/server-key.pem'

  # Enable client cert authentication.
  client-cert-auth: true

  # Path to the client server TLS trusted CA key file.
  trusted-ca-file: '/data/etcd/ssl/ca.pem'

  # Client TLS using generated certificates
  # (ignored when cert-file and key-file are set).
  auto-tls: true

peer-transport-security:
  # DEPRECATED: Path to the peer server TLS CA file.
  ca-file: '/data/etcd/ssl/ca.pem'

  # Path to the peer server TLS cert file.
  cert-file: '/data/etcd/ssl/server.pem'

  # Path to the peer server TLS key file.
  key-file: '/data/etcd/ssl/server-key.pem'

  # Enable peer client cert authentication.
  client-cert-auth: true

  # Path to the peer server TLS trusted CA key file.
  trusted-ca-file: '/data/etcd/ssl/ca.pem'

  # Peer TLS using generated certificates
  # (ignored when cert-file and key-file are set).
  auto-tls: true

# Enable debug-level logging for etcd.
debug: true

# Specify a particular log level for each etcd package (eg: 'etcdmain=CRITICAL,etcdserver=DEBUG').
log-package-levels: etcdmain=CRITICAL,etcdserver=DEBUG

# Force to create a new one member cluster.
force-new-cluster: false

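A brief note: in 3.1.9 the listen-peer-urls and listen-client-urls parameters could still be configured with domain names. 3.2.x no longer supports that, and they must be set to a correct IP. The initial-advertise-peer-urls and advertise-client-urls parameters can still use domain-name addresses.

Test whether the CA certificate works correctly against the etcd server: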

[email protected]:~/cfssl# openssl s_client -verify 100 -CAfile ca.pem -connect etcd1.cnxct.com:2379
verify depth is 100
CONNECTED(00000003)
depth=1 CN = CA
verify return:1
depth=0 CN = server
verify return:1
140065811416728:error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:s3_pkt.c:1487:SSL alert number 42
140065811416728:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
---
Certificate chain
 0 s:/CN=server
   i:/CN=CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDYDCCAkigAwIBAgI
.........
.........
TKFXDw==
-----END CERTIFICATE-----
subject=/CN=server
issuer=/CN=CA
---
Acceptable client certificate CA names
/CN=CA
Client Certificate Types: RSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA256:ECDSA+SHA256:RSA+SHA384:ECDSA+SHA384:RSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA256:ECDSA+SHA256:RSA+SHA384:ECDSA+SHA384:RSA+SHA1:ECDSA+SHA1
Peer signing digest: SHA384
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1340 bytes and written 138 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol : TLSv1.2
    Cipher : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID:
    Session-ID-ctx:
    Master-Key: 582AFFA41.........7ADE9769AC9A6A
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1505461911
    Timeout : 300 (sec)
    Verify return code: 0 (ok)
---

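The server certificate chain verifies (Verify return code: 0 (ok)). The "bad certificate" alert (SSL alert number 42) appears because this test presents no client certificate while client-cert-auth is enabled.

Likewise, test whether the client certificate works against the etcd service: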

[email protected]:~/cfssl# curl --cacert /data/etcd/ssl/ca.pem --cert /data/etcd/ssl/client.pem --key /data/etcd/ssl/client-key.pem -L https://etcd1.cnxct.com:2379/v2/keys/foo -XPUT -d value=bar -v

* Trying 127.0.1.1...
* Connected to etcd1.cnxct.com (127.0.1.1) port 2379 (#0)
* found 1 certificates in /data/etcd/ssl/ca.pem
* found 692 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: server (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: CN=server
* start date: Fri, 15 Sep 2017 07:08:00 GMT
* expire date: Wed, 14 Sep 2022 07:08:00 GMT
* issuer: CN=CA
* compression: NULL
* ALPN, server did not agree to a protocol
> PUT /v2/keys/foo HTTP/1.1
> Host: etcd1.cnxct.com:2379
> User-Agent: curl/7.47.0
> Accept: */*
> Content-Length: 9
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 9 out of 9 bytes
< HTTP/1.1 201 Created
< Content-Type: application/json
< X-Etcd-Cluster-Id: 965e90621e9f9f0f
< X-Etcd-Index: 4
< X-Raft-Index: 5
< X-Raft-Term: 2
< Date: Fri, 15 Sep 2017 07:52:54 GMT
< Content-Length: 88
<
{"action":"set","node":{"key":"/foo","value":"bar","modifiedIndex":4,"createdIndex":4}}
* Connection #0 to host etcd1.cnxct.com left intact

As the results above show, both certificates work correctly.
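The ca-config.json above gives every certificate both "server auth" and "client auth", which the openssl output for client.pem confirms. The following Go example is added here and is not from the original article; issue, VerifyClient and the in-memory certificates are constructed for illustration. It applies the check that Go's crypto/tls makes on a required client certificate (assumed to be what client-cert-auth: true enables in etcd) and shows that a dual-usage server certificate is accepted as a client identity, while a server-auth-only one is rejected.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue makes a throwaway certificate for cn with the given extended key usages,
// signed by parent; a nil parent yields a self-signed CA.
func issue(cn string, parent *tls.Certificate, eku ...x509.ExtKeyUsage) tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, IsCA: parent == nil, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: eku}
	if parent == nil { // the CA signs itself and may sign other certificates
		t.KeyUsage = x509.KeyUsageCertSign
		parent = &tls.Certificate{Leaf: t, PrivateKey: key}
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent.Leaf, pub, parent.PrivateKey)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// Constructed PKI standing in for the page's ca.pem, server.pem and client.pem.
var (
	ca         = issue("CA", nil)
	otherCA    = issue("other CA", nil)
	pageStyle  = issue("server", &ca, x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth)
	serverOnly = issue("server", &ca, x509.ExtKeyUsageServerAuth)
	foreign    = issue("client", &otherCA, x509.ExtKeyUsageClientAuth)
)

// VerifyClient applies the checks a Go TLS server makes on a required client
// certificate: it must chain to the trusted CA and permit client authentication.
func VerifyClient(client tls.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca.Leaf)
	_, err := client.Leaf.Verify(x509.VerifyOptions{
		Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}

func main() {
	fmt.Println("server certificate with both usages, used as a client:", VerifyClient(pageStyle))
	fmt.Println("server-auth-only certificate, used as a client:", VerifyClient(serverOnly))
	fmt.Println("client certificate from another CA:", VerifyClient(foreign))
}
```

Issuing server and client certificates from separate cfssl signing profiles, each with a single usage, removes this overlap.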

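Now use the certificate files in a Golang client:

etcd itself is written in Go, and the project is hosted on GitHub. The client libraries live in the client and clientv3 directories: the former is for etcd v2 and the latter for v3. As a Go package it is github.com/coreos/etcd/clientv3. My project uses the v3 client. Pseudocode for establishing a connection with the certificates is as follows: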

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"io/ioutil"
	"time"

	etcdclient "github.com/coreos/etcd/clientv3"
)

// NewEtcdCluster connects to etcd over TLS using a client certificate.
// EtcdCluster and INodeStatus are defined elsewhere in the project.
func NewEtcdCluster(etcdAdds []string, keyStatusPrifix, keyConfigPrifix, configDir string) (*EtcdCluster, error) {
	var etcdCertPath = configDir + "/etcd/client.pem"
	var etcdCertKeyPath = configDir + "/etcd/client-key.pem"
	var etcdCaPath = configDir + "/etcd/ca.pem"

	// load cert
	cert, err := tls.LoadX509KeyPair(etcdCertPath, etcdCertKeyPath)
	if err != nil {
		return nil, err
	}

	// load root ca
	caData, err := ioutil.ReadFile(etcdCaPath)
	if err != nil {
		return nil, err
	}

	pool := x509.NewCertPool()
	// AppendCertsFromPEM reports false when no certificate could be parsed
	if !pool.AppendCertsFromPEM(caData) {
		return nil, errors.New("no CA certificate found in " + etcdCaPath)
	}

	_tlsConfig := &tls.Config{
		Certificates: []tls.Certificate{cert},
		RootCAs:      pool,
	}

	cfg := etcdclient.Config{
		Endpoints: etcdAdds,
		TLS:       _tlsConfig,
	}

	client, err := etcdclient.New(cfg)
	if err != nil {
		return nil, err
	}

	cluster := &EtcdCluster{
		keyStatusPrifix: keyStatusPrifix,
		keyConfigPrifix: keyConfigPrifix,
		etcdAdds:        etcdAdds,
		ticker:          time.NewTicker(time.Second * 5),
		nodes:           make(map[uint16]INodeStatus),
		kapi:            client,
	}

	return cluster, nil
}

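In a game cluster, each game server node is unique within the whole cluster and has a unique node ID. Registering this unique ID in etcd requires an atomic CAS operation. In the V2 client this is done with the Set method, with the PrevExist option set to false.

_, err := this.kapi.Set(etcdcontext.Background(), value.GetKey(), "", &etcdclient.SetOptions{
	TTL:       time.Second * 10, // default TTL; must be longer than the heartbeat interval
	PrevExist: "false",          // CAS operation, equivalent to a CompareSwap function
})

In V3, a transaction is opened with Txn to implement the CAS operation:

ctx, cancel := context.WithTimeout(context.Background(), ETCD_TRANSPORT_TIMEOUT)
kvc := etcdclient.NewKV(this.kapi)
resp, err := kvc.Txn(ctx).
	If(etcdclient.Compare(etcdclient.CreateRevision(keyName), "=", 0)).
	Then(etcdclient.OpPut(keyName, "online")).
	Commit()
cancel()
// Commit returns a nil error even when the comparison fails;
// resp.Succeeded tells whether the key was actually created.
if err == nil && resp.Succeeded {
	this.selfNodeInfo = value
}

After a game server node starts and registers itself with etcd, it loads the configuration that belongs to its node from etcd. A gateway node, for example, loads the list of logic-server nodes it forwards to, the client version filtering information and so on. Pseudocode: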

func TestEtcdLoadConfig(t *testing.T) {
	var ident = fmt.Sprintf("[lorisd-%04X]", 0x0001)
	var priority = logging.LOG_LOCAL5
	var e error
	logging.LOG, e = logging.New(ident, "", logging.LOG_PERROR, priority, 1024*1024)
	if e != nil {
		panic(e)
	}

	var Etcd_dsn = []string{
		"https://etcd1.cnxct.com:2379",
		"https://etcd1.cnxct.com:2379",
	}
	var Etcd_key_status_prefix string = "/config/server_list"
	var Etcd_key_config_prefix string = "/config/db_config"
	var Runtime_datadir string = "/data"

	cluster, e := etcd.NewEtcdCluster(Etcd_dsn, Etcd_key_status_prefix, Etcd_key_config_prefix, Runtime_datadir)
	if e != nil {
		t.Fatalf("連接 etcd 錯誤:%s", e)
	}
	t.Log("連接到ETCD成功,開啟協程接收chan 數據")
	go cluster.Sync()

	var nodeId uint32 = 0x00020001
	var NodeStatus *etcd.NodeStatus = &etcd.NodeStatus{
		KeyId: nodeId,
		Addr:  "127.0.0.1:5599", // register the current service's node ID, server IP and port with etcd
	}
	e = cluster.Register(NodeStatus)
	if e != nil {
		t.Fatalf("無法將當前服務注冊到 ETCD :%s", e)
	}
	t.Logf("已將節點:%02X注冊到 ETCD", nodeId)

	// fetch the configuration
	var nodeConfig *etcd.NodeConfig
	nodeConfig, e = cluster.DownloadConf()
	if e != nil {
		t.Fatalf("從 ETCD 加載配置出錯:%s", e)
	}
	t.Logf("已經從 ETCD 加載到 配置信息")

	// this.updataConfigFromEtcd(nodeConfig *etcd.NodeConfig) syncs it into the current process's system configuration object
	t.Logf("Db_log_dsn:%v", nodeConfig.Conf.Db_log_dsn)
	t.Logf("Redis_pool_max_idle:%d", nodeConfig.Conf.Redis_pool_max_idle)
	t.Logf("Redis_pool_max_active:%d", nodeConfig.Conf.Redis_pool_max_active)
}

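Likewise, configuration adjustments come up often in a game cluster. The old approach was to change the configuration on each server one by one and reload it, or, a little more advanced, to build GM tools that push messages to the game service processes. With etcd, we use its watch feature to monitor changes to a key; when the key changes, the new value is applied immediately to the configuration held in the process. Of course, some settings, such as the DSNs of DB connections, are not changed along with it. This can be done with this.kapi.Watch(context.TODO(), keyName).

Configuration for the whole cluster is usually managed centrally in the GM tools: the configuration is written to etcd, then loaded by the game server nodes at startup, or picked up by the nodes' watch and synchronized into their environment automatically when it is updated. An example: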

// set the configuration of the core server node
nodeConfig := &etcd.NodeConfig{}
nodeConfig.KeyId = 0x00020000 + node_id
nodeConfig.Conf = &etcd.ConfValue{}
nodeConfig.Conf.Db_characters_num = 3
nodeConfig.Conf.Server_id = 1
nodeConfig.Conf.Runtime_offline_interval = 5
nodeConfig.Conf.Runtime_login_timeout = 3
nodeConfig.Conf.Interfaces = "0.0.0.0:8866"
nodeConfig.Conf.Runtime_res_dir = "res"
nodeConfig.Conf.Db_world_dsn = "root:[email protected](139.196.23.123:3306)/game_server?charset=utf8&timeout=5s"
db_user_conf := make(map[uint8]string, 0)
db_user_conf[0] = "root:[email protected](139.196.23.123:3306)/game_user?charset=utf8&timeout=5s"
db_user_conf[1] = "root:[email protected](139.196.23.123:3306)/game_user?charset=utf8&timeout=5s"
db_user_conf[2] = "root:[email protected](139.196.23.123:3306)/game_user?charset=utf8&timeout=5s"
nodeConfig.Conf.Db_characters_dsn = db_user_conf
nodeConfig.Conf.Runtime_pidfile = "/run/game_server.%(node)s.pid"
nodeConfig.Conf.Runtime_res_dir = "res"
nodeConfig.Conf.Runtime_backup_dir = "/backups"
nodeConfig.Conf.Runtime_use_encrypted_protocol = false
nodeConfig.Conf.Runtime_relay_log = "/log/relay.log"
nodeConfig.Conf.Runtime_delayed_decode = true
nodeConfig.Conf.Runtime_synchronize_interval = 10 // interval for automatic synchronization to the DB, in seconds
nodeConfig.Conf.Runtime_offline_interval = 5 // time after a player goes offline before in-memory data is deleted and synchronized; must be greater than the synchronizer period Runtime_synchronize_interval
nodeConfig.Conf.Runtime_login_timeout = 3 // player login timeout, in seconds
nodeConfig.Conf.Runtime_active_session_timeout = 3600
nodeConfig.Conf.Runtime_preload_interval = 2
nodeConfig.Conf.Runtime_preload_start_minute = 20
nodeConfig.Conf.Runtime_cpu_profile_enabled = false
nodeConfig.Conf.Runtime_preload_end_minute = 50
nodeConfig.Conf.Runtime_allocator_scale = 2
nodeConfig.Conf.Runtime_mysql_max_idle_conn = 2
nodeConfig.Conf.Runtime_mysql_max_open_conn = 10 // same as above
nodeConfig.Conf.Runtime_handle_execute_time = 1
nodeConfig.Conf.Debug_executor_enabled = true
nodeConfig.Conf.Debug_crash_log_file = "/log/game_server.crash.log"
nodeConfig.Conf.Debug_user_zone = 2106
nodeConfig.Conf.Debug_authenticate_key = "123123123"
nodeConfig.Conf.Logfile_addr = "/log"
nodeConfig.Conf.Logpprof_addr = "/pprof"
nodeConfig.Conf.Logfile_size = 500 * 1024 * 1024
// end of configuration

nodeConfig.SetStatus(
	func() string {
		tmp, err := json.Marshal(nodeConfig)
		if err != nil {
			return ""
		}
		return string(tmp)
	})
t.Logf("SetStatus 完成 ")

e = cluster.UploadConf(nodeConfig)
if e != nil {
	t.Fatalf("上傳數據到 ETCD 出錯, :%s", e)
}
t.Logf("上傳數據到 ETCD 完成")

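In summary, the etcd server now has HTTPS encrypted transport and TLS certificate authentication enabled. Data can be transmitted, modified and pushed over the internal or the public network with confidence that it will not be altered or polluted, whether maliciously or by accident.

Source: www.cnxct.com

Thanks to the author: CFC4N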
